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1 Research sessions: security and Q 
fine-grained access control 

Shariq Rizvi, Alberto Mendelzon, S. Sudarshan, Prasan Roy 
June 2004 Proceedings of the 2004 ACM SIGMOD international conference on 
Management of data SIGMOD '04 

Publisher: ACM Press 

Full text available: "jg.p.df (172,57 KB) Additional Information: full citation, abstract, references, citings 

Current day database applications, with large numbers of users, require fine-grained 
access control mechanisms, at the level of individual tuples, not just entire 
relations/views, to control which parts of the data can be accessed by each user. Fine- 
grained access control is often enforced in the application code, which has numerous 
drawbacks; these can be avoided by specifying/enforcing access control at the database 
level. We present a novel fine-grained access control model based on authoriza ... 

2 The DIAMOND security polic y for object-oriented databases Q 
^ Linda M. Null, Johnny Wong 

^ April 1992 Proceedings of the 1992 ACM annual conference on Communications CSC 
'92 

Publisher: ACM Press 

Additional Information: full citation , abstract , references, citings , index 
terms 



3 



Full text available: Q pdf (792.69 KB) 



A formal data model and integrated multilevel security policy for object-oriented database 
systems are presented in this paper. The security policy addresses mandatory as well as 
discretionary security controls. Classes derive security classification constraints from their 
instances and logical instances. 

Exchange of patient records-prototy pe im plementation of a security attributes service I I 
in X.500 

Marjan Jurecic, Herbert Bunz 

November 1994 Proceedings of the 2nd ACM Conference on Computer and 
communications security CCS '94 

Publisher: ACM Press 

Full text available: ^ pdf(884.04 KB) Additional Information: full citation , abstract , references , index terms 

In Europe, the use of computers in health care industry has increased rapidly in recent 
years. This increase, however, has been accomplished with research efforts in the area of 
privacy and confidentiality of personal data. In the German legislation, protection of 
personal data is guaranteed by the constitution, granting a general right to privacy. This 
constitutional right has been amended by the German Central Court 
(Bundesverfassungsgericht). It says that each individual has the right to ... 
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4 D ataba se security | | 

Teresa F. Lunt, Eduardo B. Fernandez 
December 1990 ACM SIGMOD Record, Volume 19 issue 4 
Publisher: ACM Press 

Full text available: ^ pdf( 578.94 KB ) Additional Information: full citation, index terms 




Cost profile of a hig hl y assured, secure operating system I I 

Richard E. Smith 

February 2001 ACM Transactions on Information and System Security (TISSEC), volume 

4 Issue l 
Publisher: ACM Press 

Full text available* ffl pdf(1 65 98 KB) Additional Information: full citation, abstract, references, ci t i n gs, index 
" m " t erms 

The Logical Coprocessing Kernel (LOCK) began as a research project to stretch the state 
of the art in secure computing by trying to meet or even exceed the "Al" requirements of 
the Trusted Computer System Evaluation Criteria (TCSEC). Over the span os seven years, 
the project was transformed into an effort to develop and deploy a product: the Standard 
Mail Guard (SMG). Since the project took place under a US government contract, the 
development team needed to maintain detailed re ... 

Keywords: LOCK (Logical Coprocessing Kernel), security kernels 



Personal try sted devices for we b serv ic es: r e visi ti ng multilevel security I I 

Edgar Weippl, Wolfgang Essmayr 

April 2003 Mobile Networks and Applications, volume 8 issue 2 
Publisher: Kluwer Academic Publishers 

Full text available: ^ pdf(1 09,95. KB) Additional Information: fuH citation, abstract, rMerences, index terms 

In this paper we revisit the concept of mandatory access control and investigate its 
potential with personal digital assistants (PDA). Only if applications are clearly separated 
and Trojans cannot leak personal information can these PDAs become personal trusted 
devices. Limited processing power and memory can be overcome by using Web services 
instead of full-fledged applications - a trend also in non-mobile computing. Web services, 
however, introduce additional security risks, some of them speci ... 

Keywords: multilevel security (MLS), personal digital assistant (PDA), personal trusted 
device (PTD), trusted computing base (TCB) 



Traducement: A model for record security 
Tom Walcott, Matt Bishop 

November 2004 ACM Transactions on Information and System Security (TISSEC), 

Volume 7 Issue 4 
Publisher: ACM Press 

Full text available: f£l pdf( 31 1 .06 KB ) Additional Information: full citat ion, a bstract , refe rence s, index ter ms, 

review 

Security models generally incorporate elements of both confidentiality and integrity. We 
examine a case where confidentiality is irrelevant to the process being modeled. In this 
case, integrity includes not only the authentication of origin and the lack of unauthorized 
changes to a document, but also the acceptance of all parties that the document is 
complete, signed by all parties, and cannot be modified further. This is especially critical 
when the document is recorded, so that it is legally t ... 

Keywords: Integrity, recordation, security policy, traducement 
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8 On the im plementation of security meas ures in information system s I I 

R. W. Conway, W. L. Maxwell, H. L. Morgan ^ 
April 1972 Communications of the ACM, volume is issue 4 
Publisher: ACM Press 

Full text available: ^pdf( 1.09 MB ) Additional Information: full citation , abstract , references , citings 

The security of an information system may be represented by a model matrix whose 
elements are decision rules and whose row and column indices are users and data items 
respectively. A set of four functions is used to access this matrix at translation and 
execution time. Distinguishing between data dependent and data independent decision 
rules enables one to perform much of the checking of security only once at translation 
time rather than repeatedly at execution time. The model is used to ex ... 

Keywords: access control confidentiality, access management, data banks, management 
information systems, operating systems, privacy, security 



Joining relations in the belief-consistent multilevel secure relational model . Q 
Nenad Jukic, Susan V. Vrbsky 

April 1998 Proceedings of the 36th annual Southeast regional conference ACM-SE 36 

Publisher: ACM Press 

Full text available: ^ pdf(1.97 MB) Additional Information: full citation , references , index terms 



10 Hig h dictionary compression for proactive password checkin g Q 
^ Francesco Bergadano, Bruno Crispo, Giancarlo Ruffo 

V' November 1998 ACM Transactions on Information and System Security (TISSEC), 

Volume 1 Issue 1 
Publisher: ACM Press 

Full text available: pdf{1 41 .89 KB) Additional Information: yjL^tatjon, abstract, reMcences, citings, index 
l^j terms, r eview 

The important problem of user password selection is addressed and a new proactive 
password-checking technique is presented. In a training phase, a decision tree is 
generated based on a given dictionary of weak passwords. Then, the decision tree is used 
to determine whether a user password should be accepted. Experimental results 
described here show that the method leads to a very high dictionary compression (up to 
1000 to 1) with low error rates (of the order of 1%). A prototype implementat ... 

Keywords: access control, decision trees, password selection, proactive password 
checking 



11 The Department of Defense communications in the 21st century I I 
ALM. Paoletti 

>^ January 1992 ACM SIGCOMM Computer Communication Review, volume 22 issue 1 
Publisher: ACM Press 

Full text available: ^[pdf( 691.92 KB ) Additional Information: full cita tion, abstract , index terms 

The Department of Defense (DoD) is one of the biggest users of communications in the 
world. Communications systems are used not only for the administration of the 
Department, but, most critically, for the command and control of force structures. To this 
end, the Defense Communications Agency (DCA) strives to ensure that the Departments 
missions are carried out with state-of-the-art communications systems. In this article an 
architecture is postulated to achieve the Department's objective of rap ... 

12 Providin g non-hierarchical security throu g h interface mechanisms I I 
Deborah Hamilton 

August 1994 Proceedings of the 1994 workshop on New security paradigms NSPW 
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•94 

Publisher: IEEE Computer Society Press 

Full text available: 1p pdf(627.68 KB) Additional Information: full citation , abstract , references , index terms 




Common security models provide protection in an hierarchical fashion (i.e. there is a 
trusted core with outer circles of less secure code and data). There is only one method of 
providing protection. This model makes it difficult to protect code and data with multiple 
types of non-hierarchical policies. It implies complete trust in the core requiring thorough 
evaluation each time modifications are made. This paper first describes a paradigm shift 
to non-hierarchical security. It then ... 

1 3 Proactive password checking with decision trees 
^ F. Bergadano, B. Crispo, G. Ruffo 

>^ April 1997 Proceedings of the 4th ACM conference on Computer and communications 
security CCS '97 

Publisher: ACM Press 

Full text available: ^)pdf(1.27 MB) Additional Information: full citation, references, citings, index terms 
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